Brute-Force Attacks Leave Android’s Full Disk Encryption Vulnerable

Last week, security researcher Gal Beniamini publicized security flaws in Android devices with Qualcomm chipsets, demonstrating that attackers can exploit vulnerabilities in the full disk encryption solution by running brute-force attacks to extract the encrypted keys.

Full disk encryption relies on randomly generated keys, called the device encryption key (DEK), which is itself encrypted based on the user’s PIN, password, or swiping pattern.

In light of the recent legal tussle that embroiled Apple- when the FBI demanded that the company decrypt the iPhone used by the terrorists involved in the San Bernardino attacks- Beniamini’s discovery seemed to be a major one.

However, Qualcomm claims that it informed Google of the flaws as early as November 2014, whereas Google only released patches for the vulnerabilities earlier this year- more than a year later.

Part of the issue seems to be that Android runs on a diverse array of devices that are not manufactured by Google and are therefore out of its control, unlike Apple, which manufactures its iPhones. Another exacerbating factor seems to have been that Qualcomm’s chipsets store their encryption keys in software rather than hardware.

When keys are encrypted in hardware, attempting a certain number of incorrect password guesses automatically triggers a memory wipe of the device. When the keys are encrypted in software however, they can be pulled from smartphones and decrypted by brute-force, quickly running a large number of password attempts to find the keys.

Google issued the patches for the flaws after Beniamini had publicized them, rewarding the researcher with compensation through its bug bounty program. Still, it’s unclear why they did not heed Qualcomm’s earlier warnings dating back to 2014 and 2015.

According to Techcrunch, one possibility is that the sheer magnitude and diversity of the Android ecosystem, involving thousands of different devices, hindered the Android security team. Moreover, the diversity of the Android ecosystem, which involves multiple manufacturers, means that many more flaws are likely to slip through the cracks and evade detection.

Google’s approach seems to be to rely heavily on machine learning to expedite and improve detection of flaws in Android devices rather than removing them entirely.

As such, Beniamini notes that it’s highly likely that a large number of devices are still vulnerable to the exploit he discovered, because the original equipment manufacturers (OEM’s) themselves have not yet applied the patch Google released.